Category Archives: Sonatype Says

Agile, Component Development & DevOps – A Natural Match


September 23, 2013 By Derek Weeks

Can you think of a technology concept that is more hyped than DevOps? We’ve moved past cloud & virtualization, and while not as hyped as Big Data or mobile, everyone on the development and operations side is talking about DevOps, not to mention DevOpsSec. Using several blog posts, I’m going to lay out the vision for […]


Policy Hierarchy & Inheritance: Simplified Policy Management


September 13, 2013 By Derek Weeks

We are pleased to announce the availability of Sonatype 1.6. This release is focused on policy hierarchy and inheritance support and includes a revamped user experience. The development team has also added a number of new quick start guides including one that provides guidance on policy management. Jeff Wayman does a great job of describing […]


Sonatype Reduces Licensing Risks for .Net Developers with Integration to NuGet and Visual Studio


September 9, 2013 By Karen Gardner

I continue to be in awe of this stat: the composition of today’s applications is often as high as 90% open source components and only 10% custom source code. A true testament to the value of open source in helping speed the delivery of custom built applications. (This amazing, but true, stat is based on […]


Important: Apache Struts Framework Security Alert


August 13, 2013 By Derek Weeks

The popular Apache Struts Framework, a toolkit used to build many of today’s web applications, has a critical vulnerability that was recently announced by the Struts team at Apache. The National Institute of Standards and Technology (NIST) has added the exposure to the National Vulnerability Database and assigned a critical score (9.3 out of 10). […]


A Brief and Incomplete History of DevOps


July 29, 2013 By Jessica Dodson

The use of DevOps methodology and a structured process for integrating security into the development process is becoming more prevalent as large enterprises are seeing the benefits of a strategic alliance between development teams and operations. Instead of throwing the pig over the fence and hoping it turns into bacon by the time it touches […]


Application security needs to be redefined to stay relevant


July 26, 2013 By Derek Weeks

Ok, so maybe it’s not the definition that’s the problem. Maybe it’s the fact that most people think of DAST and SAST when it comes to application security. And when most developers are faced with DAST and SAST, they run for cover. Or maybe it’s the fact that most security practices are primarily focused on […]


Sonatype applauds GitHub’s approach to encourage OSS license selection


July 18, 2013 By Derek Weeks

GitHub’s move to encourage developers to select an open source license for source code published to GitHub highlights the need for organizations to properly manage license concerns. The Central Repository, sponsored by Sonatype, has long required license information for binaries that are added, but encouraging license selection as part of the source code process […]


Join Us for Nexus Live: Profiling your Nexus installation using JMX


July 12, 2013 By Emily Blades

Wondering what’s new in Nexus? Just ask the experts. Join Brian Fox and Richard Seddon for Nexus Live next Wednesday, July 17, 2013 from 12:00PM-1:00PM EDT (GMT-0400) to:

- Learn how to profile your Nexus installation using JMX
- Ask questions live and get answers from top community contributors and respected Nexus professionals

How to join: No […]
